# 🏰 The Story of Red Kingdom

🌟 Inspiration

As a SOC Analyst, I noticed that security professionals often struggle with "Tool Fatigue"—jumping between Wireshark for network traffic, YARA for file analysis, and various sandboxes for behavioral checks. This fragmentation leads to delayed responses and missed evidence.

I was inspired to build Red Kingdom to create a "Unified Fortress." My goal was to provide a single, modular desktop environment where an analyst can monitor, analyze, and contain threats without leaving the platform.

🛠 How I Built It

Red Kingdom is designed with a Modular Architecture, ensuring each "Castle" (module) can operate independently or as part of a collective ecosystem.

  • Frontend: Developed using PyQt6 to provide a high-performance, responsive desktop experience.
  • Network Engine (RedArch): Powered by Scapy for real-time packet inspection and PCAP recording.
  • Threat Intelligence (Services): Integrates YARA and Sigma rules to standardize detection logic.
  • Endpoint Analysis (RedHound): A dedicated file analysis engine that implements automated quarantine protocols.

🧠 Challenges Faced

One of the biggest hurdles was managing the massive volume of security data. During development, I realized that storing raw PCAP files and malware samples consumed significant disk space and posed a security risk if left unencrypted.

To address this, I focused on implementing a "Secure Evidence Workflow." This involved:

  1. Data Optimization: Ensuring logs are compressed to save space.
  2. Encryption: Implementing AES encryption for quarantined files to prevent accidental execution.
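As an added illustration of the two-step workflow above (example code, not Red Kingdom's own), the following compresses a captured sample and then seals it with AES-256-GCM, binding the ciphertext to a case label so a blob moved to another case fails to decrypt. It assumes the `cryptography` package is installed; the `RKQ1` header tag, sample bytes and paths are constructed for the example.

```python
"""Added example: a minimal secure-evidence quarantine step (compress, then
AES-GCM encrypt). Not the project's code; assumes the `cryptography` package."""
import gzip
import secrets

from cryptography.hazmat.primitives.ciphers.aead import AESGCM

MAGIC = b"RKQ1"  # constructed header tag for quarantine blobs (assumption)


def quarantine_bytes(sample: bytes, key: bytes, label: str) -> bytes:
    """Compress a captured sample and seal it with AES-256-GCM.

    `label` (e.g. case id + original path) is passed as associated data, so a
    blob renamed or copied into another case fails authentication on restore.
    Stored layout: MAGIC || 12-byte nonce || ciphertext+tag.
    """
    if len(key) != 32:
        raise ValueError("expected a 32-byte AES-256 key")
    nonce = secrets.token_bytes(12)  # fresh per blob; never reuse with the same key
    compressed = gzip.compress(sample, compresslevel=9)
    sealed = AESGCM(key).encrypt(nonce, compressed, label.encode())
    return MAGIC + nonce + sealed


def restore_bytes(blob: bytes, key: bytes, label: str) -> bytes:
    """Reverse quarantine_bytes; raises InvalidTag on tampering or wrong label/key."""
    if not blob.startswith(MAGIC):
        raise ValueError("not a quarantine blob")
    nonce, sealed = blob[4:16], blob[16:]
    compressed = AESGCM(key).decrypt(nonce, sealed, label.encode())
    return gzip.decompress(compressed)


def is_executable_header(data: bytes) -> bool:
    """True if the bytes still begin with a PE ('MZ') or ELF magic, i.e. the
    stored form could still be recognised and launched as a program."""
    return data[:2] == b"MZ" or data[:4] == b"\x7fELF"


if __name__ == "__main__":
    key = AESGCM.generate_key(bit_length=256)
    sample = b"MZ" + b"\x90" * 4096  # constructed PE-like sample, not real malware
    label = "case-0001/Downloads/invoice.exe"  # constructed
    blob = quarantine_bytes(sample, key, label)
    assert not is_executable_header(blob)
    assert restore_bytes(blob, key, label) == sample
    print(f"quarantined {len(sample)} bytes into {len(blob)} encrypted bytes")
```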

📈 What I Learned

Building Red Kingdom taught me the importance of Evidence-Driven Response. I learned how to bridge the gap between low-level network packets and high-level behavioral analysis. I also deepened my knowledge of multi-threaded Python applications to ensure the UI remains responsive while the background engines scan for threats.

🚀 Future Roadmap: The "Kingdom Stats"

The next phase of Red Kingdom is to integrate a real-time Execution Counter and an automated Encrypted Archive System. This will allow analysts to track their performance and ensure all forensic evidence is compressed and encrypted automatically, maintaining the integrity of the investigation.

Built With

  • pyqt6
  • python
  • scapy
  • sigma-rules
  • yara-python